[Bypass] SparkHup Disclosure of business employees by AR Manger
Oct 21, 2019•Channel
AI Analysis
Data from YouTube Data API v3•Updated Just now
Video Overview
Video Details
PublishedOct 21, 2019
Duration1:40
Video ID81MFf3mM2Fc
Languagear
CategoryScience & Technology
PrivacyPublic
Made for KidsNo
Video TypeRegular Video
Performance Metrics
Views6.1K
Likes194
Comments33
Engagement Rate3.71%
Likes per 100 views3.17
Comments per 1K views5.39
Description
Thank god! My 10th BUG in this year on facebook, I got acknowledged by Facebook Security Team After discovering a security issue /sparkarhub/. This flaw allowed me to BYPASS the security patching done by Facebook's security team to my previous report. This again allowed any potential attacker to leak the Business Account Manager.
Impact: could have disclosed the identity of an employee within Business Manager to other page admins.
Bug type: Privacy / information disclosure
الحمد لله، مجددا الثغرة العاشره في فيسبوك لهذا العام. حصلت على اعتراف من الفريق الامني في شركة فيسبوك بعد أبلاغي عن خلل امني في خدمة "sparkarhub"، حيث سمح لي هذا الخلل الامني بتجاوز الترقيع الامني لثغرة قمت باكتشافها سابقا و قام الفريق الامني بأصلاحها ولاكن تبين بعد ألاختبار ان هذا الخلل من الممكن أعادة توليده مره أخرى والحصول على نفس التأثير السابق. أدى هذا الخلل الى أعطاء اي مهاجم محتمل القدرة على تحديد مسؤول حساب الاعمال
PoC Video: [ Soon]
Timeline:
04/Sep/2019: Submit report
06/Spe/2019: Managed to reproduce
09/Sep/2019: Close Report as "Informative"
10/Sep/2019: I Sent objection and more information
13/Sep/2019: Close Report as "Informative"
14/Sep/2019:I Sent objection and more information
17/Sep/2019: Managed to reproduce
21/Sep/2019: Further investigation
25/Sep/2019: Vulnerability patched
18/Oct/2019: Bounty awarded by Facebook